Save Linux terminal session (script)

During daily work we sometimes perform tasks that we would like to document properly.

In this post we will see how to save an entire Linux terminal session, so that we can later include it in any documentation.

The command we use is script:
Continue reading

iptables output examples, configuring outgoing connections on Red Hat/CentOS or Ubuntu

As an extension of the post “Configuring iptables firewall RedHat/CentOS 6 from command line“, this time we will see how to secure the outbound connections of our server.

Limiting outgoing connections may seem a little paranoid, but if the machine is compromised it will be used to “jump” to other hosts or to send mail. I know this may sound even more paranoid, but these things happen and are very real; I want to write a later post covering a real case.

Getting to the point, we start from this initial situation:

[root@oradb ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Continue reading

Apache SSL client certificate: configuring Apache to allow access only to clients with an installed SSL certificate

Let’s configure Apache (on Ubuntu 12) to allow access only to clients with a personal SSL certificate installed; first we have to create some structures so that we can later work with revocation lists.

The first step is to have openssl installed:

ubuntu@ip-10-112-31-82:~$ sudo aptitude install openssl

We will create a directory structure that matches the paths expected by the openssl.cnf configuration file:

ubuntu@ip-10-112-31-82:~$ mkdir -p /vol/apache2_certs
ubuntu@ip-10-112-31-82:~$ cd /vol/apache2_certs/
ubuntu@ip-10-112-31-82:/vol/apache2_certs$ sudo cp /etc/ssl/openssl.cnf .

The openssl.cnf file defines, among other things, a directory structure for working with certificate revocation lists; we will edit it and modify the line:

Continue reading

Rescan SCSI bus on Linux

If we hot-add disks (from any virtualization system), the OS may not see them until we rescan the SCSI bus; this can be done with the tool:

rescan-scsi-bus.sh -a

To install it on RedHat/CentOS:

yum install sg3_utils

Continue reading

LVM external drive: accessing HDD data on an LVM partition (e.g. a USB HD)

LVM volumes have many advantages, but when you connect a hard drive (with LVM) to an operating system (for example via USB) and want to access the data, we see that it is not automatic.

We cannot mount the volume directly to access the data because the device simply does not exist; this can be easily solved. The sequence of actions is:

1- Connect the HD (logically)
2- Run vgscan
3- Run lvscan
4- Activate the desired LVM volume
5- Mount the device and access the data

To remove the HDD we must:

Continue reading

md RAID: replacing a drive in a software mdRAID

On this occasion we will see how to rebuild a software RAID in Linux.

The failure was detected by a SMART error of this type:

smartctl diagnosis:

[root@simba ~]# smartctl -H /dev/sda
smartctl 5.42 2011-10-20 r3458 [x86_64-linux-2.6.32-279.el6.x86_64] (local build)
Copyright (C) 2002-11 by Bruce Allen,
SMART overall-health self-assessment test result: FAILED!
Drive failure expected in less than 24 hours. SAVE ALL DATA.
Failed Attributes:
1 Raw_Read_Error_Rate     0x002f   001   001   051    Pre-fail  Always   FAILING_NOW 330223

Continue reading

Apache LDAP authentication

The most basic authentication that can be configured on Apache is file-based access, but in this post we will see how to configure Apache to authenticate users against an LDAP directory.

The advantages are obvious: we can use a centralized LDAP authentication directory, either to validate ourselves in applications or to access the company’s web services.

For the examples we have used Ubuntu 12.04 and Apache 2.2. The first thing we have to do is install the necessary Apache modules and enable them:

sudo aptitude install libapache2-mod-ldap-userdir
sudo a2enmod authnz_ldap

Continue reading

iptables DDoS: configuring the recent match, preventing denial of service attacks (DoS, Denial Of Service) on Linux (recent match extension)

Recently a colleague called Miguel Angel (greetings) contacted me to see if I could help with the attacks he is suffering. Obviously I will not use his data for anything in this entry.

In this post we will do more accurate filtering of incoming communications to prevent DoS attacks.

In the previous post “iptables ddos limit configuration, prevent denial of service attacks on Linux (Match extension limit)” we showed how to filter by limiting the number of hits. The great improvement of the recent extension over limit is that recent maintains a list of the source IPs of the communication, and the limits are set per source IP. The limits imposed by the limit extension apply regardless of origin; they are an overall limit.

Continue reading

iptables ddos limit configuration, prevent denial of service attacks on Linux (Match extension limit)

When we operate a web server, we should apply basic protection to avoid any possibility that a “good” person (with all the sarcasm) dedicates themselves to running JMeter (excellent software designed for load tests) with the idea of saturating our server.

These are things that really happen; it is nothing paranoid.

One way to avoid these attacks is through iptables (I have a broader post on iptables); a configuration example would be:

Continue reading